Get Vulnerability Findings
Description

Retrieve categorized vulnerability findings from Wiz using specified variables for asset and severity filtering.

Endpoint

Method: POST

Inputs

- json_body (object) – required
  - variables (object) – required
    - after (string): Use as a pagination argument to refine your results. Use the value returned by pageinfo.endcursor from the previous response.
    - orderby (object): The query's results order. Can be asc or desc, determined by the firstdetectedat value.
      - direction (string)
    - filterby (object)
      - id (array): Filter vulnerability findings matching these IDs. You can specify multiple values. If no values are provided, then returns results from all IDs.
      - vendorseverity (array): Filter vulnerability findings according to the vendor severity. You can specify multiple values. If no values are provided, then returns results from all vendor severities.
      - firstseenat (object)
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - updatedat (object) – required
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - resolvedat (object)
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - hasfix (boolean): Filter only vulnerability findings for vulnerabilities with an available fix.
      - hasexploit (boolean): Filter only vulnerability findings for vulnerabilities with an available exploit.
      - hascisakevexploit (boolean): Filter only vulnerability findings for vulnerabilities with an available CISA KEV exploit.
      - vulnerabilityexternalid (array): Filter only vulnerability findings whose external ID matches these. You can specify multiple values. If no values are provided, then returns results from all external IDs.
      - subscriptionexternalid (array): Filter vulnerability findings from these subscription external IDs. You can specify multiple values. If no values are provided, then returns results from all subscriptions.
      - assetid (array): Filter only vulnerability findings on these asset IDs. You can specify multiple values. If no values are provided, then returns results from all asset IDs.
      - assettype (string): The type of asset object to appear in the vulnerability report. If not specified, returns results for all asset types.
      - assetstatus (array): Filter only vulnerability findings for assets with these statuses. You can specify multiple values. If no values are provided, then returns results for all asset statuses.
      - detectionmethod (array): Filter only vulnerability findings found via these detection methods. You can specify multiple values. If no values are provided, then returns results for all detection methods.
      - isassetopentoallinternet (boolean): Filter only vulnerability findings for assets that are excessively publicly accessible over the internet (from 0.0.0.0/0).
      - assethashighprivileges (boolean): Filter only vulnerability findings for assets that have high privileges.
      - assethasadminprivileges (boolean): Filter only vulnerability findings for assets that have admin privileges.
      - status (array): Filter by finding status. You can specify multiple values in an array. If no values are provided, then returns results from all statuses.
      - vulnerabilityid (array): Filter only vulnerability findings whose vulnerability ID matches these. You can specify multiple values. If no values are provided, then returns results from all vulnerability IDs.
      - projectid (array): Filter only vulnerability findings for the given projects. You can specify multiple values. If no values are provided, then returns results from all project IDs.
      - layerid (array): Filter only vulnerability findings attributed to these layer IDs. You can specify multiple values. If no values are provided, then returns results from all layer IDs.
      - isbaselayer (boolean): Filter only vulnerability findings for container images that are attributed to a base image.
      - validatedinruntime (boolean): Return only vulnerability findings that were validated in runtime. Use this filter only when the Wiz runtime sensor is enabled in the Wiz environment; otherwise, it will return null.

Output example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "date": "sun, 30 jul 2023 13:08:22 gmt",
      "content-type": "application/json; charset=utf-8",
      "transfer-encoding": "chunked",
      "connection": "keep-alive",
      "content-security-policy": "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-dns-prefetch-control": "off",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-download-options": "noopen",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "vary": "origin, accept-encoding",
      "access-control-allow-credentials": "true",
      "etag": "w/\"c55 px/pxj1ss9ri2hnfwncd4aow2jq\"",
      "content-encoding": "gzip"
    },
    "reason": "ok",
    "json_body": {
      "data": {
        "vulnerabilityfindings": {
          "nodes": [
            {
              "id": "5e95ff50-5490-514e-87f7-11e56f3230ff",
              "portalurl": "https://app.wiz.io/explorer/vulnerability-findings# (entity ( '5e95ff50-5490-514e-87f7-11e56f3230ff 2csecurity tool finding))",
              "name": "cve-2020-35522",
              "cvedescription": "in libtiff, there is a memory malloc failure in tif_pixarlog.c. a crafted tiff document can lead to an abort, resulting in a remote denial of service attack.",
              "cvssseverity": "medium",
              "score": 5.5,
              "exploitabilityscore": 1.8,
              "impactscore": 3.6,
              "datasourcename": null,
              "hasexploit": false,
              "hascisakevexploit": false,
              "status": "open",
              "vendorseverity": "medium",
              "firstdetectedat": "2022-05-01t11:36:10.063767z",
              "lastdetectedat": "2023-07-29t19:57:19z",
              "resolvedat": null,
              "description": "the package `libtiff` version `4.0.3-35.amzn2` was detected in `yum package manager` on a machine running `amazon 2 (karoo)` is vulnerable to `cve-2020-35522`, which exists in versions `< 4.0.3-35.amzn2.0.1`.\n\nthe vulnerability was found in the [official amazon linux security advisories](https://alas.aws.amazon.com/al2/alas-2022-1780.html) with vendor severity `medium` ([nvd](https://nvd.nist.gov/vuln/detail/cve-2020-35522) severity `medium`).\n\nthe vulnerability can be remediated by updating the package to version `4.0.3-35.amzn2.0.1` or higher, using `yum update libtiff`.",
              "remediation": "yum update libtiff",
              "detailedname": "libtiff",
              "version": "4.0.3-35.amzn2",
              "fixedversion": "4.0.3-35.amzn2.0.1",
              "detectionmethod": "package",
              "link": "https://alas.aws.amazon.com/al2/alas-2022-1780.html",
              "locationpath": null,
              "resolutionreason": null,
              "epssseverity": "low",
              "epsspercentile": 46,
              "epssprobability": 0.1,
              "validatedinruntime": null,
              "layermetadata": null,
              "projects": [
                {
                  "id": "83b76efe-a7b6-5762-8a53-8e8f59e68bd8",
                  "name": "project 2",
                  "slug": "project 2",
                  "businessunit": "",
                  "riskprofile": { "businessimpact": "mbi" }
                },
                {
                  "id": "af52828c-4eb1-5c4e-847c-ebc3a5ead531",
                  "name": "project 4",
                  "slug": "project 4",
                  "businessunit": "dev",
                  "riskprofile": { "businessimpact": "mbi" }
                },
                {
                  "id": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178",
                  "name": "project1",
                  "slug": "project1",
                  "businessunit": "dev",
                  "riskprofile": { "businessimpact": "mbi" }
                }
              ],
              "vulnerableasset": {
                "id": "c828de0d-4c42-5b1c-946b-2edee094d0b3",
                "type": "virtual machine",
                "name": "test 4",
                "region": "us-east-1",
                "provideruniqueid": "arn:aws:ec2:us-east-1:998231069301:instance/i-0a0f7e1451da5f4a3",
                "cloudproviderurl": "https://us-east-1.console.aws.amazon.com/ec2/v2/home?region=us-east-1#instancedetails:instanceid=i-0a0f7e1451da5f4a3",
                "cloudplatform": "aws",
                "status": "active",
                "subscriptionname": "wiz integrations",
                "subscriptionexternalid": "998231069301",
                "subscriptionid": "94e76baa-85fd-5928-b829-1669a2ca9660",
                "tags": { "name": "test 4" },
                "haslimitedinternetexposure": true,
                "haswideinternetexposure": true,
                "isaccessiblefromvpn": false,
                "isaccessiblefromothervnets": false,
                "isaccessiblefromothersubscriptions": false,
                "operatingsystem": "linux",
                "ipaddresses": [ "172.31.29.61", "34.226.190.199" ]
              }
            }
          ],
          "pageinfo": {
            "hasnextpage": true,
            "endcursor": "eyjmawvszhmiolt7ikzpzwxkijoiq3jlyxrlzef0iiwivmfsdwuioiiymdiylta1ltaxvdexojm2ojewlja2mzc2n1oifsx7ikzpzwxkijoiswqilcjwywx1zsi6ijvlotvmzjuwltu0otatnte0zs04n2y3ltexztu2zjmymzbmzij9xx0="
          }
        }
      }
    }
  }
]
```

Output parameters

- status_code (number)
- reason (string)
- json_body (object)
  - data (object)
    - vulnerabilityfindings (object)
      - nodes (array)
        - id (string)
        - portalurl (string)
        - name (string)
        - cvedescription (string)
        - cvssseverity (string)
        - score (number)
        - exploitabilityscore (number)
        - impactscore (number)
        - datasourcename (object)
        - hasexploit (boolean)
        - hascisakevexploit (boolean)
        - status (string)
        - vendorseverity (string)
        - firstdetectedat (string)
        - lastdetectedat (string)
        - resolvedat (object)
        - description (string)
        - remediation (string)
        - detailedname (string)
        - version (string)
        - fixedversion (string)
        - detectionmethod (string)
        - link (string)
        - locationpath (object)
        - resolutionreason (object)
        - epssseverity (string)
        - epsspercentile (number)
        - epssprobability (number)
        - validatedinruntime (object)
        - layermetadata (object)
        - projects (array)
          - id (string)
          - name (string)
          - slug (string)
          - businessunit (string)
          - riskprofile (object)
            - businessimpact (string)
        - vulnerableasset (object)
          - id (string)
          - type (string)
          - name (string)
          - region (string)
          - provideruniqueid (string)
          - cloudproviderurl (string)
          - cloudplatform (string)
          - status (string)
          - subscriptionname (string)
          - subscriptionexternalid (string)
          - subscriptionid (string)
          - tags (object)
            - name (string)
          - haslimitedinternetexposure (boolean)
          - haswideinternetexposure (boolean)
          - isaccessiblefromvpn (boolean)
          - isaccessiblefromothervnets (boolean)
          - isaccessiblefromothersubscriptions (boolean)
          - operatingsystem (string)
          - ipaddresses (array)
      - pageinfo (object)
        - hasnextpage (boolean)
        - endcursor (string)

Response headers

| Header | Type |
| --- | --- |
| date | string |
| content-type | string |
| transfer-encoding | string |
| connection | string |
| content-security-policy | string |
| cross-origin-embedder-policy | string |
| cross-origin-opener-policy | string |
| cross-origin-resource-policy | string |
| x-dns-prefetch-control | string |
| x-frame-options | string |
| strict-transport-security | string |
| x-download-options | string |
| x-content-type-options | string |
| origin-agent-cluster | string |
| x-permitted-cross-domain-policies | string |
| referrer-policy | string |
| x-xss-protection | string |
| vary | string |
| access-control-allow-credentials | string |
| etag | string |
| content-encoding | string |
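
One way to walk every page of results using the `after` input and the `endcursor` / `hasnextpage` values described above, as an added example (not code from the connector or from Wiz). `run_action` is a hypothetical callable that sends a `json_body` to this action and returns its output; field names use the camelCase spelling of the Wiz GraphQL schema, which this page's text shows lowercased, and the severity string and page data are constructed samples.

```python
from typing import Callable, Iterator, Optional

def iter_findings(run_action: Callable[[dict], dict], updated_after: str,
                  severities: Optional[list] = None, max_pages: int = 100) -> Iterator[dict]:
    """Yield each finding node, following endCursor until hasNextPage is false."""
    filter_by = {"updatedAt": {"after": updated_after}}  # the one required filter
    if severities:
        filter_by["vendorSeverity"] = severities  # passed through unchanged
    variables = {"filterBy": filter_by}
    seen = set()
    for _ in range(max_pages):
        out = run_action({"variables": variables})
        if out.get("status_code") != 200:
            raise RuntimeError(f"action failed: {out.get('status_code')} {out.get('reason')}")
        page = out["json_body"]["data"]["vulnerabilityFindings"]
        yield from page.get("nodes") or []
        info = page.get("pageInfo") or {}
        if not info.get("hasNextPage"):
            return
        cursor = info.get("endCursor")
        if not cursor or cursor in seen:  # guard against an endless loop
            raise RuntimeError("pagination cursor missing or repeated")
        seen.add(cursor)
        variables = {**variables, "after": cursor}
    raise RuntimeError("max_pages reached before the last page")

# Constructed two-page stand-in for the action, so the example runs offline.
_PAGES = {None: (["f-1", "f-2"], "cursor-1"), "cursor-1": (["f-3"], None)}
CALLS = []  # request bodies the stand-in received

def fake_action(body: dict) -> dict:
    CALLS.append(body)
    ids, nxt = _PAGES[body["variables"].get("after")]
    findings = {"nodes": [{"id": i} for i in ids],
                "pageInfo": {"hasNextPage": nxt is not None, "endCursor": nxt}}
    return {"status_code": 200, "reason": "ok",
            "json_body": {"data": {"vulnerabilityFindings": findings}}}

if __name__ == "__main__":
    for finding in iter_findings(fake_action, "2023-07-01T00:00:00Z", ["MEDIUM"]):
        print(finding["id"])
```

Keeping the same `filterBy` on every page and changing only `after` is what makes the cursor meaningful; the repeated-cursor check stops a scheduled export from looping if a response ever returns the cursor it was given.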